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Sir: 

This paper replies to the Examiner's Supplemental Answer mailed December 8, 2006, for 
which a supplemental reply brief is due February 8, 2007 according to 37 CFR 41 .43(b). 
Applicant claims small entity status, see 37 CFR 1.27. The Commissioner is authorized to 
charge any required fee to Pillsbury Winthrop Shaw Pittman llp's deposit account no. 03-3975 
(order no. 010942-0269936). 
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THE EXAMINER 'S ANSWER DOES NOT ADDRESS APPLICANT'S REPLY 

The Examiner's "supplemental" Answer mailed December 8, 2006 is word-for-word 
identical to the Answer mailed August 8, 2006. Thus, the Examiner's "supplemental" Answer 
did not address the numerous points raised in Applicant's reply brief mailed September 25, 2006. 
These points included, inter alia : 

• The Examiner's rejections rely on reducing the invention to a "gist" and rewriting or 
ignoring explicit claim limitations. For example, the claims require, inter alia , (1) storing 
rules for a plurality of companies having on-line resources, (2) identifying a company 
associated with a requested resource , and (3) retrieving rules for the identified company . 
These three steps are simply not performed by Pereira's system at all . At best, Pereira 
stores company information associated with a user , identifies a company associated with 
a user who is requesting an object, then retrieves access rules for that user . The clear and 
distinct limitations of the claims are not met just because Pereira teaches associating a 
user's company with the user as one item of information. 

• The claim limitation "wherein the step of determining whether the request requires 
authentication includes determining whether stored business rules for the identified 
company associated with the requested on-line resource indicates that authentication for 
the user is required" is not met at all by the alleged combination of Pereira and Viavant. 
The Examiner's position is that Pereira teaches granting access to an object with rules 
that identify a company, and that Viavant teaches authentication. However, the invention 
as a whole set forth in the claims requires storing business rules that allow a particular 
company from among a plurality of companies to specify how and when authentication is 
required for its on-line resources requested by users. This is much more than just a 
combination of a system for one company that stores access rules for users and another 
system for performing authentication for users. 

• The Examiner mis-characterizes Pereira's teachings by asserting that Pereira's "database 
has the attribute of 'company' and in the example provided, gives user 3 conditional 
Read-Only access to Company A objects." This is unsupported and hypothetical. There 
is no statement in Pereira that the database contains objects from more than one company 
such as "Company A objects." Pereira does disclose that access can be controlled for 
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groups of objects in the same database . However, there is no suggestion that anyone 
other than the single company whose database is made available to others via the 
Extranet can control access to objects in the database. At best, Pereira allows access to 
groups of objects in a database to be controlled for users based on a company the users 
are associated with. 

• The Examiner's Answer implicitly admits that the prior art does not disclose storing a 
user's historical authentication patterns as required by claims 2, 21 and 40. Ignoring the 
clear claim language, however, the Examiner's Answer states that "the term 'the user's 
historical authentication patterns' is not used before the claim argued. Without context 
and interpreted broadest reasonable interpretation, a historical authentication pattern 
could be interpreted as the pattern made up of the current call, or a plurality of 
communication attempts." (Answer at 9.) This interpretation is indeed broad but it is 
unreasonable. It completely writes the word "authentication" out of the claim. 
Authentication cannot be reasonably be interpreted as any type of attempt to make a call, 
as suggested by the Examiner. Moreover, the antecedent context of "historical 
authentication pattern" refers to the authentication that is conditionally performed in 
claim 1, which includes conditionally obtaining an indicia of physical identification from 
the user. Accordingly, claim 2 (as well as claims 21 and 40) require this physical 
authentication as context, and a historical pattern refers to a user's history of 
authentication as set forth in the independent claims. 

Because the foregoing positions remain unchallenged by the Examiner, they should be 
assumed to be correct. 

PEREIRA MEREL Y TEA CHES CONTROLLING A CCESS BY OUTSIDERS (E. G USERS 
FROM OTHER COMPANIES) TO ONE COMPANY'S EXTRANET 
Contrary to the claimed invention, that explicitly requires allowing a plurality of 
companies to control when and how authentication is required for accessing their respective on- 
line resources, Pereira merely describes how one company can control access to its own Extranet. 
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Webopedia defines an Extranet as (emphasis added): 



A buzzword that refers to an intranet that is partially accessible to 
authorized outsiders. Whereas an intranet resides behind a firewall and is 
accessible only to people who are members of the same company or 
organization , an extranet provides various levels of accessibility to 
outsiders . You can access an extranet only if you have a valid username 
and password, and your identity determines which parts of the extranet 
you can view. 

In other words, as is well understood in the art, a conventional Extranet as described by 
Pereira merely allows one company or organization to extend access to its resources by outsiders 
(e.g. users from other companies), in addition to its own members. There is simply no explicit or 
inherent teaching or suggestion in Pereira whatsoever about controlling access to on-line 
resources of a plurality of companies , as is required by the claimed invention. 

CONCLUSION 

For the foregoing reasons, Appellants respectfully request that all the pending claims be 
deemed allowable by this honorable Board. 




Respectfully submitted, 
PILLSBURYWINTHRGP SHAW 



SHAW PITTMAN LLP 



Date: February 6, 2007 
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